Bug 283675

Summary: [PATCH] Crash in MP4TagHelper::embeddedCover()
Product: [Applications] amarok Reporter: Charles Reiss <woggling>
Component: Collections/LocalAssignee: Amarok Developers <amarok-bugs-dist>
Status: RESOLVED FIXED    
Severity: crash CC: 123kash, alinm.elena, arxus82, bam.bam12345678, fran7979, havoc65, jonny.privateproperty, l.schueler, larry_dewey5307, logan.erbst, pilotgi, ralf-engels
Priority: NOR    
Version: 2.4-GIT   
Target Milestone: 2.5   
Platform: Compiled Sources   
OS: Unspecified   
Latest Commit: Version Fixed In: 2.5
Sentry Crash Report:
Attachments: patch to fix
backtrace

Description Charles Reiss 2011-10-09 23:07:46 UTC
Created attachment 64375 [details]
patch to fix

Version:           2.4-GIT (using Devel) 
OS:                OS X

MP4TagHelper::embeddedCover() stores a pointer to a TagLib::MP4::CoverArt item in a TagLib::MP4::CoverArtList which goes out of scope.

Reproducible: Always

Steps to Reproduce:
Populated dynamic playlist including M4A files with embedded cover art.


Expected Results:  
No crash.
Comment 1 Myriam Schweingruber 2011-10-11 13:20:55 UTC
Could you maybe also report the crash with a proper backtrace first?
Also please submit patches to http://reviewboard.kde.org
Comment 2 Charles Reiss 2011-10-11 16:12:46 UTC
Created attachment 64415 [details]
backtrace

Backtrace attached.
Comment 3 Myriam Schweingruber 2011-10-11 16:51:02 UTC
Backtrace from comment #2: (please always paste backtraces inline, else the database is not searchable)

The backtrace shows similarities to bugs #265590 and #265591 (duplicates of #265577, fixed in taglib) as well as #282157 )duplicate of #262955 a MySQL related bug).

Thread 1 (process 6133):
#0  0x00007fffffe001a0 in __atomic_add32 ()
#1  0x00007fff82d4e17e in OSAtomicAdd32Barrier ()
#2  0x00000001008af056 in Meta::Tag::MP4TagHelper::embeddedCover (this=<value temporarily unavailable, due to optimizations>) at /Users/charles/software/amarok/shared/tag_helpers/MP4TagHelper.cpp:182
#3  0x0000000100860593 in Meta::Tag::embeddedCover (path=<value temporarily unavailable, due to optimizations>) at /Users/charles/software/amarok/shared/MetaTagLib.cpp:309
#4  0x000000011e936a19 in Meta::SqlAlbum::image (this=0x125187040, size=90) at /Users/charles/software/amarok/src/core-impl/collections/db/sql/SqlMeta.cpp:1554
#5  0x000000011e936806 in Meta::SqlAlbum::imageLocation (this=0x125187040, size=90) at /Users/charles/software/amarok/src/core-impl/collections/db/sql/SqlMeta.cpp:1593
#6  0x000000010078c157 in Meta::ProxyAlbum::imageLocation (this=<value temporarily unavailable, due to optimizations>, size=90) at /Users/charles/software/amarok/src/core-impl/collections/proxycollection/ProxyCollectionMeta.cpp:845
#7  0x0000000100a6a4d3 in SvgHandler::imageWithBorder (this=0x1226a5ed0, album=@0x7fff5fbf4330, size=<value temporarily unavailable, due to optimizations>, borderWidth=5) at /Users/charles/software/amarok/src/SvgHandler.cpp:249
#8  0x0000000100723ad9 in Playlist::Model::data (this=0x108a950a0, index=@0x7fff5fbf44b0, role=<value temporarily unavailable, due to optimizations>) at /Users/charles/software/amarok/src/playlist/PlaylistModel.cpp:376
#9  0x000000010375f1bb in QSortFilterProxyModel::data ()
#10 0x000000010375f1bb in QSortFilterProxyModel::data ()
#11 0x000000010375f1bb in QSortFilterProxyModel::data ()
#12 0x000000010077a04b in Playlist::GroupingProxy::data (this=<value temporarily unavailable, due to optimizations>, index=<value temporarily unavailable, due to optimizations>, role=<value temporarily unavailable, due to optimizations>) at /Users/charles/software/amarok/src/playlist/proxymodels/GroupingProxy.cpp:194
#13 0x000000010076b999 in qvariant_cast<QPixmap> [inlined] () at /Users/charles/software/amarok/src/playlist/view/listview/PrettyItemDelegate.cpp:318
#14 qVariantValue<QPixmap> [inlined] () at qvariant.h:599
#15 value<QPixmap> [inlined] () at /opt/local/include/QtCore/qvariant.h:336
#16 0x000000010076b999 in Playlist::PrettyItemDelegate::paintItem (this=0x1248756d0, config=@0x7fff5fbf52c0, painter=0x7fff5fbf5720, option=@0x7fff5fbf5100, index=@0x126490ca0, headerRow=false) at qvariant.h:318
#17 0x000000010076df04 in Playlist::PrettyItemDelegate::paint (this=0x1248756d0, painter=0x7fff5fbf5720, option=@0x7fff5fbf5490, index=@0x126490ca0) at /Users/charles/software/amarok/src/playlist/view/listview/PrettyItemDelegate.cpp:136
#18 0x00000001036feb18 in QListView::paintEvent ()
#19 0x000000010076f9fa in Playlist::PrettyListView::paintEvent (this=0x124873420, event=0x7fff5fbf6350) at /Users/charles/software/amarok/src/playlist/view/listview/PrettyListView.cpp:669
#20 0x0000000103261776 in QWidget::event ()
#21 0x00000001035bef5c in QFrame::event ()
#22 0x000000010364a687 in QAbstractScrollArea::viewportEvent ()
#23 0x00000001036dbaab in QAbstractItemView::viewportEvent ()
#24 0x000000010364cb60 in QAbstractScrollAreaFilter::eventFilter ()
#25 0x00000001023c6b87 in QCoreApplicationPrivate::sendThroughObjectEventFilters ()
#26 0x00000001032079fe in QApplicationPrivate::notify_helper ()
#27 0x000000010320d88d in QApplication::notify ()
#28 0x00000001026f220e in KApplication::notify ()
#29 0x00000001022d9e7c in QCoreApplication::notifyInternal ()
#30 0x0000000103207bec in qt_sendSpontaneousEvent ()
#31 0x00000001031b143d in -[QCocoaView drawRect:] ()
#32 0x00007fff834a1cc5 in -[NSView _drawRect:clip:] ()
#33 0x00007fff834a0938 in -[NSView _recursiveDisplayAllDirtyWithLockFocus:visRect:] ()
#34 0x00007fff8349f00a in -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] ()
#35 0x00007fff8349fed6 in -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] ()
#36 0x00007fff8349fed6 in -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] ()
#37 0x00007fff8349fed6 in -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] ()
#38 0x00007fff8349fed6 in -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] ()
#39 0x00007fff8349fed6 in -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] ()
#40 0x00007fff8349fed6 in -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] ()
#41 0x00007fff8349fed6 in -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] ()
#42 0x00007fff8349eb2c in -[NSThemeFrame _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] ()
#43 0x00007fff8349b3de in -[NSView _displayRectIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:] ()
#44 0x00007fff83414c0e in -[NSView displayIfNeeded] ()
#45 0x00000001031b5907 in -[QCocoaWindow displayIfNeeded] ()
#46 0x00007fff8340faba in _handleWindowNeedsDisplay ()
#47 0x00007fff826dfb37 in __CFRunLoopDoObservers ()
#48 0x00007fff826bb464 in __CFRunLoopRun ()
#49 0x00007fff826badbf in CFRunLoopRunSpecific ()
#50 0x00007fff8a2e2c64 in -[NSRunLoop(NSRunLoop) runMode:beforeDate:] ()
#51 0x00007fff8a32e21e in -[NSRunLoop(NSRunLoop) runUntilDate:] ()
#52 0x00007fff8372788b in NSCoreDragReceiveProc ()
#53 0x00007fff8a20eeef in DoDropMessage ()
#54 0x00007fff8a20f384 in SendDropMessage ()
#55 0x00007fff8a210ce1 in DragInApplication ()
#56 0x00007fff8a211749 in CoreDragStartDragging ()
#57 0x00007fff83726938 in -[NSCoreDragManager _dragUntilMouseUp:accepted:] ()
#58 0x00007fff8372637e in -[NSCoreDragManager dragImage:fromWindow:at:offset:event:pasteboard:source:slideBack:] ()
#59 0x00007fff839e151e in -[NSWindow(NSDrag) dragImage:at:offset:event:pasteboard:source:slideBack:] ()
#60 0x00000001031b297d in QDragManager::drag ()
#61 0x000000010321cdcb in QDrag::exec ()
#62 0x00000001036dcc38 in QAbstractItemView::startDrag ()
#63 0x00000001006caa90 in dbgstreamwrapper [inlined] () at /Users/charles/software/amarok/src/browsers/CollectionTreeView.cpp:552
#64 Debug::debug () at /Users/charles/software/amarok/src/core/support/Debug.h:149
#65 0x00000001006caa90 in CollectionTreeView::startDrag (this=0x1228c0d90, supportedActions=@0x7fff5fbfaae0) at Debug.h:553
#66 0x00000001036d8f91 in QAbstractItemView::mouseMoveEvent ()
#67 0x00000001006c447b in CollectionTreeView::mouseMoveEvent (this=0x1228c0d90, event=0x7fff5fbfb7d0) at /Users/charles/software/amarok/src/browsers/CollectionTreeView.cpp:396
#68 0x00000001006f864f in CollectionBrowserTreeView::mouseMoveEvent (this=0x1228c0d90, event=0x7fff5fbfb7d0) at /Users/charles/software/amarok/src/browsers/collectionbrowser/CollectionBrowserTreeView.cpp:44
#69 0x00000001032617f3 in QWidget::event ()
#70 0x00000001035bef5c in QFrame::event ()
#71 0x000000010364a687 in QAbstractScrollArea::viewportEvent ()
#72 0x00000001036dbaab in QAbstractItemView::viewportEvent ()
#73 0x00000001006f871c in CollectionBrowserTreeView::viewportEvent (this=0x1228c0d90, event=0x7fff5fbfb7d0) at /Users/charles/software/amarok/src/browsers/collectionbrowser/CollectionBrowserTreeView.cpp:112
#74 0x000000010364cb60 in QAbstractScrollAreaFilter::eventFilter ()
#75 0x00000001023c6b87 in QCoreApplicationPrivate::sendThroughObjectEventFilters ()
#76 0x00000001032079fe in QApplicationPrivate::notify_helper ()
#77 0x000000010320f590 in QApplication::notify ()
#78 0x00000001026f220e in KApplication::notify ()
#79 0x00000001022d9e7c in QCoreApplication::notifyInternal ()
#80 0x0000000103207bec in qt_sendSpontaneousEvent ()
#81 0x00000001031be0b8 in qt_mac_handleMouseEvent ()
#82 0x00007fff834df0c7 in -[NSWindow sendEvent:] ()
#83 0x00000001031b5cdb in -[QCocoaWindow sendEvent:] ()
#84 0x00007fff83413afa in -[NSApplication sendEvent:] ()
#85 0x00000001031b92e8 in -[QNSApplication sendEvent:] ()
#86 0x00007fff833aa6de in -[NSApplication run] ()
#87 0x00000001031c2e65 in QEventDispatcherMac::processEvents ()
#88 0x00000001023c6244 in QEventLoop::processEvents ()
#89 0x00000001023c6564 in QEventLoop::exec ()
#90 0x00000001023c7b6c in QCoreApplication::exec ()
#91 0x0000000100013912 in main (argc=3, argv=0x7fff5fbfe7c0) at /Users/charles/software/amarok/src/main.cpp:294
Comment 4 Charles Reiss 2011-10-11 17:05:57 UTC
I've reproduced this bug while linking against taglib at commit 6ea859 (HEAD as of 2011-10-08), so I'm pretty sure the crashes I saw weren't the fixed taglib problem.
Comment 5 Myriam Schweingruber 2011-10-27 17:39:45 UTC
*** Bug 285072 has been marked as a duplicate of this bug. ***
Comment 6 Myriam Schweingruber 2011-10-27 17:41:40 UTC
Same bug in Linux, changing OS
Comment 7 Sergey Ivanov 2011-10-29 08:22:34 UTC
Git commit 9fc3a1884e4524fbb2064903b3ef1f4b2c55f44a by Sergey Ivanov.
Committed on 29/10/2011 at 07:57.
Pushed by ivanov into branch 'master'.

Prevent crash on getting cover from MP4 files. Thanks to Charles Reiss <woggling@gmail.com> for this patch.
BUG: 283675
FIXED-IN: 2.5
REVIEW: 102828

M  +2    -0    ChangeLog
M  +8    -6    shared/tag_helpers/MP4TagHelper.cpp

http://commits.kde.org/amarok/9fc3a1884e4524fbb2064903b3ef1f4b2c55f44a
Comment 8 Myriam Schweingruber 2011-11-19 08:39:24 UTC
*** Bug 286972 has been marked as a duplicate of this bug. ***
Comment 9 Myriam Schweingruber 2011-11-20 21:34:53 UTC
*** Bug 286897 has been marked as a duplicate of this bug. ***
Comment 10 Myriam Schweingruber 2011-11-20 21:38:59 UTC
*** Bug 287043 has been marked as a duplicate of this bug. ***
Comment 11 Myriam Schweingruber 2011-11-25 07:43:43 UTC
*** Bug 287373 has been marked as a duplicate of this bug. ***
Comment 12 Myriam Schweingruber 2011-11-27 21:41:25 UTC
*** Bug 287701 has been marked as a duplicate of this bug. ***
Comment 13 Myriam Schweingruber 2011-11-27 21:42:42 UTC
*** Bug 287705 has been marked as a duplicate of this bug. ***
Comment 14 Myriam Schweingruber 2011-11-28 11:03:56 UTC
*** Bug 287715 has been marked as a duplicate of this bug. ***
Comment 15 Myriam Schweingruber 2011-12-01 21:43:34 UTC
*** Bug 288016 has been marked as a duplicate of this bug. ***
Comment 16 Myriam Schweingruber 2012-06-05 11:55:39 UTC
*** Bug 301187 has been marked as a duplicate of this bug. ***